(no subject)

Hi,

I'm trying to conntrack/NAT a UDP-based protocol with a server listening on
port x. My problem is that the conntrack helper sees all incoming and
outgoing packets of the control connection, while the NAT helper is only
called for outgoing packets. Due to the nature of the protocol I need
IP_NAT_HELPER_F_ALWAYS to mangle the contents of both outgoing and incoming
packets (even when there are no expected connections).

The scenario is the following:

PC1 -> MASQ -> server

The conntrack module gets a packet from PC1 (src port x, dst port x) and
parses the protocol.
The nat_module mangles the packet content and the packet is sent off to the
server with the source address of MASQ (src port x, dst port x).
The conntrack_module receives a packet from the server (src port: high, dst port
x) and parses the protocol.
The nat_module isn't called.

I register my modules with the following tuples:

nat_module:
hlpr->tuple.dst.protonum = IPPROTO_UDP;
hlpr->tuple.src.u.udp.port = port x;
hlpr->mask.src.u.udp.port = 0xFFFF;
hlpr->mask.dst.protonum = 0xFFFF;
hlpr->flags = IP_NAT_HELPER_F_ALWAYS;

conntrack_module:
hlpr->tuple.src.u.udp.port = port x;
hlpr->tuple.dst.protonum = IPPROTO_UDP;
hlpr->mask.src.u.udp.port = 0xFFFF;
hlpr->mask.dst.protonum = 0xFFFF;


/proc/net/ip_conntrack lists both connections (answer & reply) as unreplied.
Can someone explain to me why the reply is seen as a new connection?


regards

Nikolai Dahlem
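Added illustration (not code from the post or from the netfilter tree): a small model of conntrack's tuple matching, run over the three packets described above, showing that the server's reply from a high port does not hit the reply tuple of the existing entry and is not selected by a helper tuple keyed on src port x. Addresses and the placeholder ports (x = 5000, "high" = 40000) are constructed values.

```c
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed addresses and ports standing in for PC1, MASQ, server, x, high. */
static const uint32_t PC1 = 0x0A000002u, MASQ = 0xC0A80101u, SERVER = 0xC0A80102u;
enum { PORT_X = 5000, PORT_HIGH = 40000 };

struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };

/* Reverse a tuple: this is what conntrack expects the reply to look like. */
static struct tuple invert(struct tuple t) {
    struct tuple r = { t.daddr, t.saddr, t.dport, t.sport, t.proto };
    return r;
}

/* Exact comparison used to find an existing conntrack entry for a packet. */
static bool same_tuple(struct tuple a, struct tuple b) {
    return a.saddr == b.saddr && a.daddr == b.daddr && a.sport == b.sport &&
           a.dport == b.dport && a.proto == b.proto;
}

/* Helper registration match: only the fields selected by the mask count
 * (the registration in the post masks src port and protocol only). */
static bool helper_matches(struct tuple t, struct tuple h, struct tuple m) {
    return ((t.sport ^ h.sport) & m.sport) == 0 &&
           ((t.proto ^ h.proto) & m.proto) == 0;
}

/* Packet 2 after NAT: MASQ:x -> SERVER:x; the entry's reply tuple is its inverse. */
struct tuple original_after_nat(void) {
    struct tuple t = { MASQ, SERVER, PORT_X, PORT_X, IPPROTO_UDP };
    return t;
}

/* Packet 3: the server answers from a high port, SERVER:high -> MASQ:x. */
struct tuple server_reply(void) {
    struct tuple t = { SERVER, MASQ, PORT_HIGH, PORT_X, IPPROTO_UDP };
    return t;
}

/* Does the server's reply match the existing entry's reply tuple? */
bool reply_hits_entry(void) {
    return same_tuple(server_reply(), invert(original_after_nat()));
}

/* Does the registered helper tuple (src port x, mask 0xFFFF) select a packet? */
bool helper_selects(struct tuple pkt) {
    struct tuple h = { 0, 0, PORT_X, 0, IPPROTO_UDP };
    struct tuple m = { 0, 0, 0xFFFF, 0, 0xFF };
    return helper_matches(pkt, h, m);
}
```

Because UDP conntrack keys on the full tuple, a reply from a port other than x is a new flow, which is why both entries show as unreplied.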


